zlacker

[parent] [thread] 6 comments
1. mtomwe+(OP)[view] [source] 2023-01-24 11:08:01
xiphias2: Are you sure about it deleting IDB data even if they are installed on the homescreen? We've not come across that before.

If so this is something we really need to follow up.

replies(2): >>xiphia+k >>saurik+G1
2. xiphia+k[view] [source] 2023-01-24 11:11:27
>>mtomwe+(OP)
I'm not sure, I just read it somewhere some time ago, somewhere I read that iOS deletes it weekly or something like that. But I'm happy that I was wrong about it.
replies(1): >>mtomwe+J1
3. saurik+G1[view] [source] 2023-01-24 11:23:07
>>mtomwe+(OP)
https://webkit.org/blog/10218/full-third-party-cookie-blocki...

> As mentioned, the seven-day cap on script-writable storage is gated on “after seven days of Safari use without user interaction on the site.” That is the case in Safari. Web applications added to the home screen are not part of Safari and thus have their own counter of days of use. Their days of use will match actual use of the web application which resets the timer. We do not expect the first-party in such a web application to have its website data deleted.

> If your web application does experience website data deletion, please let us know since we would consider it a serious bug. It is not the intention of Intelligent Tracking Prevention to delete website data for first parties in web applications.

So, while adding it to the home screen still involves this mechanism, the "first-party"--which I understand to be the website which was actually added to the home screen, differentiating it from all of the third-party websites that it might link you to--is presumably going to be used every time you use that icon on the home screen and since that icon also has its own usage counter it won't ever be counting up when you aren't using it, so you are "good" (unless the user manages to use your home screen added app for seven days without ever ending up back at the "first-party" site somehow, which seems like an oddity and maybe one they mitigated directly).

replies(1): >>djxfad+X9
◧◩
4. mtomwe+J1[view] [source] [discussion] 2023-01-24 11:23:34
>>xiphia+k
Oh right, yeah, I think there's an exception for home screen apps. Now it's worse for Web Apps to have the data deleted, but I do understand the privacy reasons why Apple is deleting the IDB data.
◧◩
5. djxfad+X9[view] [source] [discussion] 2023-01-24 12:31:28
>>saurik+G1
Couldn't you get around this by e.g. having a JWT auth token be a part of the webapps insalled url? And then if local data is missing, use the token to fetch it from a backend store? That's how I would solve it at least.
replies(2): >>happym+n61 >>saurik+kQ1
◧◩◪
6. happym+n61[view] [source] [discussion] 2023-01-24 17:01:09
>>djxfad+X9
This doesn't feel like it's a great idea but considering the implication of your webapp forgetting stuff, I'm not sure of a better option.
◧◩◪
7. saurik+kQ1[view] [source] [discussion] 2023-01-24 19:53:01
>>djxfad+X9
1) The people who are really caring about this are trying to avoid having the data be stored on some server also, and 2) so are you claiming Apple got this wrong?... Like, their mechanism here sounded pretty sufficient to me.
[go to top]